CVE-2020-15096

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15096

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15096.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-15096

Aliases

GHSA-6vrv-94jv-crrg

Related

GHSA-6vrv-94jv-crrg

Published

2020-07-07T00:15:10.417Z

Modified

2026-02-11T12:33:09.989212Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.

References

Affected packages

Git / github.com/electron/electron

Affected ranges

Type: GIT
Repo: https://github.com/electron/electron
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

aa863bc323d8ddfcae9e1211d9c2cb05f1f77c46

Introduced

1af3a71fdbb3130fd581b12d8f5a7440e7a04fc6

Fixed

d8f90444aa654f886016a22cb771df99c3616178

Introduced

3083693e67632720b8d12b32d3811be0f4336318

Fixed

0552e0d5de46ffa3b481d741f1db5c779e201565

Affected versions

v7.*

v7.0.0

v7.0.1

v7.1.0

v7.1.1

v7.1.10

v7.1.11

v7.1.12

v7.1.13

v7.1.14

v7.1.2

v7.1.3

v7.1.4

v7.1.5

v7.1.6

v7.1.7

v7.1.8

v7.1.9

v7.2.0

v7.2.1

v7.2.2

v7.2.3

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.1.0

v8.1.1

v8.2.0

v8.2.1

v8.2.2

v8.2.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15096.json"